| Bug ID |
12081
|
| Summary |
Decode as override does not always work for Linux SLL
|
| Product |
Wireshark
|
| Version |
2.0.1
|
| Hardware |
x86
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 14304 [details]
eapol.rb
Build Information:
Wireshark 2.0.1 (SVN Rev Unknown from unknown)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.2.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with libz 1.2.8, with GLib 2.40.2, with SMI 0.4.8, with c-ares
1.10.0, with Lua 5.2, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT
Kerberos,
with GeoIP, with QtMultimedia, without AirPcap.
Running on Linux 3.13.0-76-generic, with locale C, with libpcap version 1.5.3,
with libz 1.2.8, with GnuTLS 2.12.23, with Gcrypt 1.5.3.
Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz (with SSE4.2)
Built using gcc 4.8.4.
--
This is version 2.0.1+g59ea380-3~trusty1 from
https://launchpad.net/~wireshark-dev/+archive/ubuntu/stable
I'm trying to decode some raw EAP frames by putting them in the Linux SLL PCAP
format. When using the "Decode as..." feature to override the protocol to EAPOL
for the Ethertype specified in my PCAPs, I can't always get the correct
decoding depending on the protocol type in the SLL header. For examples, if I
specify types 0x0 or 0x1, the decode override *does not* work. If i specify
types 0x800 or 0x1234, the decode override *does* work.
I have attached some test pcaps as well as the script used to generate them,
like so:
ruby eapol.rb $((0x1234)) > ethertype1234-ok.pcap
You are receiving this mail because:
- You are watching all bug changes.
